Backtrack Manual Part2


Description: Enjoy the 2nd part... For any query contact: [email protected]


Page 1: Backtrack Manual Part2

Project Report on BackTrack

Project by - Nutan Kumar Panda
Technology Evangelist ISEH
R&D - ATL Guwahati

Backtrack: BackTrack is one of the more popular distributions in white hat circles. It is specially suited for penetration testing, with more than 300 tools available for the task. Like both Helix and Protech, BackTrack is based on Ubuntu. This means good stability and hardware detection and a whole lot of software that can be easily obtained.

BackTrack is a Linux distribution distributed as a Live CD. It resulted from the merger of WHAX (previously Whoppix) and the Auditor Security Collection, both of which were used for penetration testing.

The BackTrack project was created by Mati Aharoni and Max Moser and is a collaborative effort involving the community.

1) BackTrack 2 released March 6, 2007 (includes over 300 security tools)
2) Beta version of BackTrack 3 released Dec. 14, 2007 (the focus was to support more and newer hardware as well as to provide more flexibility and modularity)
3) BackTrack 3 released June 19, 2008 (new additions include SAINT and Maltego)
4) BackTrack 4 Beta released Feb 11, 2009 (move to a Debian-derived Ubuntu base)
5) BackTrack 4 pre-release released 19th June, 2009
6) BackTrack 4 Final released 11th January, 2010
7) BackTrack 4 R1 released May 8th, 2010
8) BackTrack 4 R2 released November 22nd, 2010

BACKTRACK 4

Company/Developer: Mati Aharoni, Emanuele Gentili, and others
OS family: Unix-like
Working state: Current
Source model: Open source
Latest stable release: 4.0 R2 / November 22nd, 2010
Kernel type: Monolithic
Default user interface: Bash, KDE, Fluxbox
License: Various
Official website: www.backtrack-linux.org

Behind the curtains

BackTrack Base
There have been many changes introduced into BackTrack 4, most notably our move to an Ubuntu Intrepid base. We now maintain our own full repositories with modified Ubuntu packages in addition to our own penetration testing tools. Another significant change is the updated kernel version, currently at 2.6.29.4. This new kernel brought an onset of internal changes, which have greatly changed the structure of BackTrack.

BackTrack Kernel
We no longer use an lzma-enabled squashfs as our live filesystem. On one hand this results in a larger ISO size, but on the other hand it frees us from having to maintain our own kernel patches, which is especially painful these days as squashfs is slowly moving into the mainstream kernel (at the time of this writing). BackTrack 4 uses squashfs-tools version 4.0 (which is not backward compatible with previous versions) and the in-tree squashfs kernel module, which is present in 2.6.29.4. AUFS (aufs2.x) is used as the unification filesystem. Several wireless driver injection/optimization patches have been applied to the kernel, as well as a bootsplash patch. These patches can be found in the kernel sources package (/usr/src/linux/patches).

These changes mean that much of what you were used to has changed in terms of boot cheatcodes and the like, as this kernel shift also means we no longer use the linux-live scripts to create our images (we use casper now).

FEATURES:

BackTrack focuses its central idea on the needs of penetration testers. The inclusion of Live CD and Live USB functionality enables any user to just insert their respective data medium and boot up BackTrack.

Direct hard disk installation (2.7 GB uncompressed) can also be completed from within the Live DVD (1.5 GB compressed) environment using the basic graphical installation wizard, with no restart required after installation. BackTrack further continues its compatibility with accessibility and internationalization by including support for Japanese input, reading and writing in hiragana, katakana and kanji.

THE KEY ADDITIONS TO THE BACKTRACK SUITE are notably:

1) Metasploit integration
2) RFMON injection-capable wireless drivers
3) Kismet
4) AutoScan-Network (a network discovery and management application)
5) Nmap
6) Ettercap
7) Wireshark (formerly known as Ethereal)
8) BeEF (Browser Exploitation Framework)


BackTrack's functionality is further organized by arranging each tool into one of 11 categories. The tool categories are as follows:

1) Information Gathering
2) Network Mapping
3) Vulnerability Identification
4) Web Application Analysis
5) Radio Network Analysis (802.11, Bluetooth, RFID)
6) Penetration (Exploit & Social Engineering Toolkit)
7) Privilege Escalation
8) Maintaining Access
9) Digital Forensics
10) Reverse Engineering
11) Voice over IP

In relation to basic software packages, BackTrack includes some ordinary desktop programs such as Mozilla Firefox, Pidgin, K3b and XMMS.

UPDATING BACKTRACK

Keeping BackTrack up to date is relatively simple using the apt-get commands:

apt-get update : synchronizes your package list with the BackTrack repository.
apt-get upgrade : downloads and installs all available updates for packages that are already installed, without adding or removing packages.
apt-get dist-upgrade : like upgrade, but also resolves changed dependencies, installing new packages and removing existing ones where needed, so review what it plans to do before confirming.
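As an added example (not part of the original manual and not BackTrack's own tooling): apt-get's simulate flag (-s) prints one line per planned action, and dist-upgrade is the only one of the three commands that can produce Remv lines. The functions below parse that output so the removals can be reviewed before the real run. The sample output is constructed; the package names and the repository label in it are illustrative, not real BackTrack metadata.

```shell
#!/bin/sh
# Added example, not from the BackTrack documentation.
# `apt-get -s <cmd>` (simulate) prints one line per action it would take:
#   Inst <pkg> [<old>] (<new> <repo>)   install or upgrade
#   Conf <pkg> (<new> <repo>)           configure
#   Remv <pkg> [<old>]                  remove (only dist-upgrade does this)
#
# summarize_actions reads that output on stdin and prints "<action> <package>"
# for Inst and Remv lines, sorted, so the removals can be reviewed first.
summarize_actions() {
    awk '$1 == "Inst" || $1 == "Remv" { print $1, $2 }' | sort
}

# count_removals prints how many packages the simulated run would remove
# (0 when there are no Remv lines).
count_removals() {
    awk '$1 == "Remv" { n++ } END { print n+0 }'
}

# Constructed sample of `apt-get -s dist-upgrade` output; it was NOT captured
# from a real BackTrack system, and "old-tool" and the repo label are made up.
SAMPLE_SIM='Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
  old-tool
Inst backtrack-web [4.0-1] (4.0-2 BackTrack:4/intrepid)
Inst nikto [2.1.0-1] (2.1.3-1 BackTrack:4/intrepid)
Remv old-tool [1.0-1]
Conf backtrack-web (4.0-2 BackTrack:4/intrepid)
Conf nikto (2.1.3-1 BackTrack:4/intrepid)'

# Usage on a live BackTrack system (as root):
#   apt-get update && apt-get -s dist-upgrade | summarize_actions
#   n=$(apt-get -s dist-upgrade | count_removals)
#   [ "$n" -eq 0 ] && apt-get dist-upgrade   # only proceed when nothing is dropped
# Offline demonstration on the constructed sample:
printf '%s\n' "$SAMPLE_SIM" | summarize_actions
```

The gate at the end is the point: a plain `apt-get upgrade` never removes anything, so it is safe to run blind, while `dist-upgrade` can silently drop a tool whose dependencies moved, which is exactly what you do not want on a pentest box prepared for an engagement.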

Meta Packages
A nice feature that arises from the tool categorization is that BackTrack can now support "BackTrack meta packages". A meta package is a dummy package that contains no files of its own but depends on several other packages, so installing it pulls them all in. For example, the meta package "backtrack-web" includes all the web application penetration testing tools BackTrack has to offer.

Meta Meta Packages
There are two "meta meta packages": backtrack-world and backtrack-desktop. backtrack-world contains all the BackTrack meta packages, while backtrack-desktop contains backtrack-world, backtrack-networking and backtrack-multimedia. The latter two meta packages are select applications imported from the Ubuntu repositories.
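Added example, not from the manual or from the BackTrack project: a meta package is nothing more than a package control record whose Depends field lists its members, and `apt-cache show <pkg>` prints that record. The function below extracts the member list from such a record. The control record here is a constructed sample that reuses the real meta package name backtrack-web; its Depends line is assumed for illustration and is not the actual package's dependency list.

```shell
#!/bin/sh
# Added example, not part of BackTrack. Shows what a "dummy" meta package is:
# a control record with a Depends: field and no files of its own.
#
# meta_members reads an `apt-cache show` record on stdin and prints one member
# package per line, splitting the Depends: field on commas and dropping version
# constraints such as "(>= 1.2)".
meta_members() {
    awk -F': ' '/^Depends:/ { print $2 }' \
        | tr ',' '\n' \
        | sed 's/ *(.*)//; s/^ *//; s/ *$//' \
        | grep -v '^$'
}

# count_members prints the number of member packages.
count_members() {
    meta_members | wc -l | tr -d ' '
}

# Constructed sample record (NOT the real backtrack-web metadata); the member
# list and version constraint are illustrative.
SAMPLE_RECORD='Package: backtrack-web
Priority: optional
Section: misc
Installed-Size: 32
Maintainer: BackTrack Dev Team
Architecture: all
Version: 4.0-1
Depends: nikto, w3af, burpsuite (>= 1.2), sqlmap, dirbuster
Description: BackTrack web application testing meta package
 Dummy package that pulls in the web application analysis tools.'

# Usage on a live BackTrack system:
#   apt-cache show backtrack-web | meta_members   # list what it would install
#   apt-get install backtrack-web                 # install every member
# Offline demonstration on the constructed record:
printf '%s\n' "$SAMPLE_RECORD" | meta_members
```

Because the meta package itself ships no files, removing it later does not remove the tools it pulled in; they stay installed as ordinary packages.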


Working with BackTrack

BackTrack 4 contains an "imposed" KDE3 repository alongside the KDE4 Ubuntu Intrepid repositories.

Updating tools manually
Our BackTrack repositories will always strive to stay current with the latest versions of tools, with the exception of a select few. These "special" tools are updated by their authors very frequently, often with significant changes. We felt that creating static binaries for these types of tools would not be beneficial, and users are better off keeping them synced with their respective SVN versions. These tools include MSF, W3AF, Nikto, etc.

Installation

BackTrack comes as a live CD, so to run it you simply insert it in the CD drive and boot the system. At the prompt, log on as root with the default root password toor (change it with passwd before putting the machine on a network others can reach), then set up the GUI with xconf. After the setup has completed, type startx to launch the GUI. If that fails, try gui as a workaround for launching the graphical interface. If you need an address, type dhcpcd to ask the DHCP server for one; BackTrack does not do this automatically. BackTrack's KDE-based menu system provides access to dozens of security tools and other forensic-analysis applications (see Figure 1). Browsing the BackTrack menu is a little like browsing the many menus and submenus of a games distribution, only instead of a bunch of games, the GUI is stocked with sniffers, spoofers, scanners, and other utilities to assist you with security testing.

Creating your own Live CD – Method 1
Creating your own flavor of BackTrack is easy:
1. Download and install the bare-bones version of BackTrack.
2. Use apt-get to install the required packages or meta packages.
3. Use remastersys to repackage your installation.

Creating your own Live CD – Method 2
Download the BackTrack 4 ISO and use the customization script to update and modify your build, as shown here: http://www.offensive-security.com/blog/backtrack/customising-backtrack-live-cd-the-easy-way/

Installing BackTrack to USB
The easiest method of getting BackTrack 4 installed to a USB key is the unetbootin utility (present in BackTrack in /opt/).

Installing BackTrack to a hard drive (using Ubiquity)
1. Boot from the BackTrack DVD and choose "Start BackTrack in Text Mode". BackTrack will boot and automatically end up at a root prompt.
2. Launch the GUI by running 'startx'.
3. Open a Konsole and run 'ubiquity'.
4. At the "Language crashed" dialog, choose "Continue anyway".
5. Set the timezone and choose the keyboard layout.
6. Let BackTrack partition the disk ('Use entire disk').
7. Enter the new user account information. (Pick a strong password, as this will be the user account used to log on to BackTrack.)
8. Review the installation summary and press "Install" to start the installation.
9. Reboot when the installation has completed.
10. Log in with the newly created user and change the password for root (sudo passwd root).

Lots of great stuff

Like most Linux distros, and definitely all forensics/security-oriented ones, BackTrack works primarily as a live CD, with good hardware detection and a low memory footprint, intended to make it usable even on older machines. It is also possible to install BackTrack, should one desire.

The boot menu is simple and elegant, with three options.

The second option (Console no FB) stands for Console no Framebuffers, i.e. the failsafe mode with minimal graphics that should work well on all hardware. Thanks k finity! As to the third option, MSRAMDUMP, I did try booting it, but this produced an error and threw me back into the boot menu.

The distro maintains its elegance by booting into the best-looking console I have seen, with stylish color gradients and mirror effects. You can begin working instantly on the command-line or boot into GUI desktop by issuing startx command.


Desktop

The desktop is simple and functional, running a lightweight KDE3 manager. You get a simple wallpaper with dragon-like theme. Another interesting element is the Run box embedded in the panel, which allows you to run applications without invoking a terminal first.

The network is not enabled by default and you'll have to fire it up manually.

Tools

BackTrack is all about lots and lots of hacking tools. Once again, I'm only going to present the tools, not show you how to use them. These tools are all double-edged swords, and without the right amount of respect, skill and integrity, you may cause more harm than good. Furthermore, do not deploy them in a production environment without the explicit approval from system administrators and INFOSEC people.


The tools can all be found under Backtrack in the menu, arranged into sub-categories. The collection is long and rich, and it will take you a long time to pore over all of them, let alone master them. Most of the tools are command-line utilities; each menu item is a link that opens a console with the relevant tool running inside it.


Backtrack 4 R2 Tools:

Go to KMenu -> Backtrack

1. Information Gathering

Archive
o Metagoofil
o SEAT

DNS
o DNS-Walk
o DNSTracer
o Dns Enum
o Dnsmap
o Dnsmap-bulk
o Dnsrecon
o Fierce
o Lbd

Route
o 0trace
o Dmitry
o Ltrace
o Lanmap
o Netenum
o Protos
o TCPtraceroute
o Tctrace

Search Engine
o Googmail
o Goohost
o Goorecon
o Gooscan
o MetaGoofil
o SEAT
o TheHarvester
o WhatWeb

o Dradis Client
o Dradis Server
o Paterva Maltego CE

2. Network Mapping

Identify Live Hosts
o 0trace
o 5nmp
o Angry IPScan
o Arping
o Autoscan
o Fping
o Genlist
o Hping2
o Hping3
o Lanmap
o Lanmap2
o Nbtscan
o Netifera
o Nmap
o Nsat
o Onesixtyone
o OutputPBNJ
o SCTPscan
o SSLscan
o ScanPBNJ
o TCPtraceroute
o Unicornscan
o Zenmap

OS-Fingerprinting
o 5nmp
o Autoscan
o Lanmap2
o Nmap
o Nsat
o Onesixtyone
o P0f
o Protos
o SSLscan
o Unicornscan
o XProbe2
o Zenmap

Portscanning
o Angry IPScan
o Autoscan
o Genlist
o Netifera
o Nmap
o Nsat
o OutputPBNJ
o Propecia
o SCTPscan
o ScanPBNJ
o Unicornscan
o Zenmap

Service Fingerprinting
o Amap
o Dmitry
o Httprint
o Httprint_GUI
o Httsquash
o LetDown
o ReverseRaider

VPN
o Ike-scan
o PSK-Crack


3. Vulnerability Identification

Cisco
o Cisco Auditing Tool
o Cisco Global Exploiter
o Cisco OCS Mass Scanner
o Cisco Passwd Scanner
o Copy Router Config
o Merge Router Config

Fuzzers
o Bed
o Bf3
o Bunny
o Dkftpbench
o Fuzzgrind
o Fuzzgrind GUI
o JBroFuzz
o JBroFuzz-Encoder
o Peach
o Spike
o Voiper
o WsFuzzer
o ZZuf

OpenVas
o OpenVas Add User
o OpenVas Cli
o OpenVas Client
o OpenVas Make Cert
o OpenVas NVT Sync
o Start OpenVas Administrator
o Start OpenVas Manager
o Start OpenVas Scanner
o Stop OpenVas Administrator
o Stop OpenVas Manager
o Stop OpenVas Scanner

SMB Analysis
o Impacket samrdump
o Impacket smbclient
o SMBclient
o Smb4K

SNMP Analysis
o ADMSnmp
o Braa
o SNMP Walk
o SNMPcheck
o Snmp Enum

4. Web Application Analysis

Database (backend)
o MSSQL
  - DBPwAudit
  - MSSQLScan
  - Metacoretex
  - Pblind
  - SA Exploiter
  - SQL Ninja
  - SQLMap
  - SQLbrute
  - SQLix
o MYSQL
  - DBPwAudit
  - Metacoretex
  - Mysqlaudit
  - Pblind
  - SQLCheck
  - SQLData
  - SQLMap
  - SQLix
  - Sqlsus
  - UDF
o Oracle
  - DBPwAudit
  - Metacoretex
  - Opquery
  - Opwg
  - Oscanner
  - Ose
  - Otnsctl
  - Pblind
  - SQLMap
  - SQLbrute
  - SQLix
  - THC-OracleCracker

Web (frontend)
o ASP-Audit
o Burpsuite
o Burpsuite Msf
o CSRFTester
o Curl
o DFF Scanner
o DharmaEncoder
o DirBuster
o Fimap
o Flare
o Flasm
o Grabber
o Grendel Scan
o HCraft
o Httprint
o Httprint_GUI
o Jmeter
o JoomScan
o Lbd
o List-Urls
o Lynx
o Mini Mysqlat0r
o Nikto2
o OpenAcunetix
o Paros Proxy
o Powerfuzzer
o Ratproxy
o SWFintruder
o Skipfish
o SoapUI
o W3AF (Console)
o W3AF (GUI)
o WBox
o WMAT
o Wafw00f
o Wapiti
o Websecurify
o Webscarab Lite
o Webshag CLI
o Webshag GUI
o Wfuzz
o Xsss

5. Radio Network Analysis

80211
o Cracking
  - ASLEAP
  - AirSnarf
  - AirSnort
  - Airbase-ng
  - Aircrack-ng
  - Airdecap-ng
  - Airdecloak-ng
  - Airdriver-ng
  - Airdrop-ng
  - Aireplay-ng
  - Airmon-ng
  - Airodump-ng
  - Airodump-ng-oui-update
  - Airolib-ng
  - Airoscript
  - Airpwn-ng
  - Airserv-ng
  - Airtun-ng
  - Buddy-ng
  - Cowpatty
  - Decrypt
  - Easside-ng
  - Gencases
  - Genpmk
  - Gerix-Wifi-Cracker-NG
  - GrimWepa
  - Ivstools
  - Kismet
  - Kstats
  - MDK3
  - Orino-Hopper
  - Packetforge-ng
  - Pyrit
  - Tkiptun-ng
  - WEPCrack
  - WEPCrack IVgen
  - WEPCrack getIV
  - WepBuster
  - Wep_keygen
  - Wesside-ng
  - WifiZoo
o Misc
  - APHooper
  - AirFlood
  - Airgraph-ng
  - Airgraph-ng dump join
  - Airopdate
  - Baffle
  - Baffle GUI
  - GISKismet
  - GPSmap-expedia
  - Kisgearth
  - Kmsapng
  - MacChanger
  - Mitmap
  - PCapDump
  - SSIDSniff
  - Schnappi-dhcp
  - Wavemon
  - Wispy GTK
  - Xgps
  - Zulu
o Spoofing
  - AirSnarf
  - Airbase-ng
  - Aircrack-ng
  - Airdecap-ng
  - Airdecloak-ng
  - Airdriver-ng
  - Airdrop-ng
  - Aireplay-ng
  - Airmon-ng
  - Airodump-ng
  - Airodump-ng-oui-update
  - Airolib-ng
  - Airpwn-ng
  - Airserv-ng
  - Airtun-ng
  - Buddy-ng
  - Easside-ng
  - FakeAP
  - Gerix-Wifi-Cracker-NG
  - Ivstools
  - Kstats
  - Packetforge-ng
  - Tkiptun-ng
  - Wep_keygen
  - Wesside-ng
  - WifiZoo
  - Wifitap
  - Wifitap-Arp
  - Wifitap-DNS
  - Wifitap-Ping

Bluetooth
o BCCMD
o BSS
o BTAddr
o BTAudit psm
o BTAudit rfcomm
o BTPinCrack
o BlueMaho
o BlueScan
o BlueSnarfer
o BlueSquirrel
o BlueSquirrel-Pic
o Braces
o CW-Tools
o Carwhisperer
o Frontline
o Ghettotooth
o GreenPlaque
o HID-Attack
o ObexStress
o Packet Replay
o TBSearch
o TBear
o Tanya
o BlueSmash
o Bluebugger
o Blueprint
o Btscanner
o HCIDump
o Minicom
o ObexFTP
o Redfang
o Ussp-Push

RFID
o RFIDIOt ACG
  - Brute Force Hitag2
  - Bruteforce MIFARE
  - Calculate JCOP MIFARE Keys
  - Continuous Select TAG
  - Copy ISO15693 TAG
  - Epassport READ WRITE CLONE
  - Format MIFARE 1k Value Blocks
  - Identify HF TAG Type
  - Identify LF TAG Type
  - JCOP Info
  - JCOP MIFARE READ WRITE
  - JCOP Set ATR Historical Bytes
  - READ WRITE CLONE Unique (EM4x02)
  - Read ACG Reader EEPROM
  - Read LF TAG
  - Read MIFARE
  - Read TAG
  - Reset Q5 TAG
  - Select TAG
  - Set FDX-B ID
  - Test ACG LAHF
o RFIDIOt Frosch
  - READ WRITE CLONE Unique (EM4x02)
  - Reset Hitag2 TAG
  - Set FDX-B ID
  - Test Frosch Reader
o RFIDIOt PCSC
  - Identify HF TAG Type
  - Bruteforce MIFARE
  - Calculate JCOP MIFARE Keys
  - Chip & PIN info
  - Continuous Select TAG
  - EPassport READ/WRITE/CLONE
  - Install ATR Historical Byte applet to JCOP
  - Install Mifare applet to JCOP
  - Install vonjeek ePassport emulator to JCOP
  - Install vonjeek ePassport emulator to Nokia
  - JCOP Info
  - JCOP MIFARE READ/WRITE
  - JCOP Set ATR Historical Bytes
  - Read MIFARE
  - Read TAG
  - Select TAG

6. Penetration

ExploitDB
o Online Resources
  - www.exploit-db.com
o Update Exploitdb

Fast Track
o Fast-Track Interactive
o Fast-Track WebGUI
o Fast-Track Command Line

Inguma
o Inguma
o Ingumagui

Metasploit Exploitation Framework
o Framework Version 2
  - Framework2-MsfCli
  - Framework2-MsfConsole
  - Framework2-MsfUpdate
  - Framework2-Msfweb
o Framework Version 3
  - MsfUpdate
  - MsfConsole
  - Msfgui

Social Engineering Toolkit
o Social Engineering Toolkit
o S.E.T-Web
o S.E.T-Automation
o S.E.T-Update

Sapyto

7. Privilege Escalation

Password Attacks
o Offline Attacks
  - Rainbowcrack (RTDump, RTGen, RTSort, Rainbowcrack)
  - Bkhive
  - CUPP
  - CeWL
  - Crunch
  - Hashcat
  - John
  - Oclhashcat
  - Ophcrack
  - Ophcrack GUI
  - Pw-inspector
  - Pyrit
  - RTDump
  - RTGen
  - RTSort
  - Rainbowcrack
  - Rarcrack
  - Saltymd5
  - Samdump2
  - Whd
o Online Attacks
  - BruteSSH
  - DNSBruteforce
  - Hydra
  - Lodowep
  - Medusa
  - NCrack
  - RWW-Attack
  - SSHater
  - TFTP-bruteforce
  - VNCrack
  - XHydra
o Chntpw

Sniffers
o Arpalert
o DSniff
o Driftnet
o Etherape
o Ettercap
o Ettercap-GTK
o Ferret
o Hamster
o Ntop
o SMBRelay3
o SSLDump
o SSLStrip
o TcPick
o Tshark
o Wireshark
o XPlico
o Xspy
o Xwatchwin

Spoofing
o ADM-dns-tools
o Etherape
o Ettercap
o Ettercap-GTK
o ICMP Redirect
o IRDP Responder
o ISP Igrp route injection
o Inundator
o Middler
o Nemesis
o NetSed
o Netenum
o PackETH
o Packit
o SSLDump
o SSLStrip
o Scapy
o Sing
o TCPreplay
o THC-IPv6

8. Maintaining Access

Backdoors and Rootkits
o Web Backdoors Compilation

Tunneling
o 3proxy
o Cryptcat
o DNS2tcp
o Miredo
o Miredo-server
o Nstx
o ProxyTunnel
o Proxychains
o Proxyresolv
o Ptunnel
o Sbd
o Socat
o Stunnel4
o TinyProxy
o UDPtunnel

9. Digital Forensics

Anti Forensics
o Scrub
o Wipe

File Carving
o Foremost
o Magicrescue

Forensic Analysis
o Allin1
o Autopsy
o ExifTool
o Fatback
o MboxGrep
o Memdump
o PhotoRec
o Scalpel
o TestDisk
o TrID
o Unhide-Linux26
o Unhide-Posix
o Unhide-TCP
o Vinetto
o Volatility
o XPlico

Image Acquiring
o AIR Imager
o Afcat
o Afcompare
o Afconvert
o Affix
o Afinfo
o Afstats
o Afxml
o Aimage
o Chkrootkit
o Clamscan
o DCFLDD
o DD_rescue
o Galleta

10. Reverse Engineering

o Evan's Debugger
o GDB GNU Debugger
o IDA Pro Free
o OllyDBG


11. Voice Over IP

VoIP Analysis
o Signalling
  - Ace
  - Add_registrations
  - EnumIAX
  - Erase_Registrations
  - IWar
  - Iaxflood
  - Inviteflood
  - Ohrwurm
  - PCAPsipdump
  - Protos-Sip
  - RTP Flood
  - RTP InsertSound
  - RTP MixSound
  - RTPInject
  - RTPbreak
  - RedirectPoison
  - SIPP
  - SIPSak
  - SIPcrack
  - SIPdump
  - SIPvicious
  - Sip-scan
  - Sip_rouge
  - Smap
  - Teardown
  - UCSniff
  - Vnak
  - Voiper
  - Voiphopper
  - Voipong
  - Vomit
  - Warvox

12. Miscellaneous

o Dkftpbench
o Dragon
o IPcalc
o Icommander
o Icommander-client
o Kmsapng
o Leo
o MacChanger
o Mitmap
o NetActView
o NetSed
o Packet-o-matic
o Schnappi-dhcp
o SendEmail
o Tpcat
o USBview
o Utilman
o ValGrind
o Wavemon
o Wgetpaste


Apart from all these tools, BackTrack 4 R2 contains some important services, such as:

o BeEF
o GPSD
o HTTPD
o MySQL
o NETWORK
o PCSCD
o SNORT
o SSH
o TFTPD
o VNC
